115 HR 584 : Cyber Preparedness Act of 2017U.S. House of Representatives2017-02-01text/xmlENPursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.IIB115th CONGRESS1st SessionH. R. 584IN THE SENATE OF THE UNITED STATESFebruary 1, 2017 Received; read twice and referred to the Committee on Homeland Security and Governmental AffairsAN ACTTo amend the Homeland Security Act of 2002 to enhance preparedness and response capabilities for
cyber attacks, bolster the dissemination of homeland security information
related to cyber threats, and for other purposes.1.Short titleThis Act may be cited as the Cyber Preparedness Act of 2017.2.Information sharingTitle II of the Homeland Security Act of 2002 is amended—(1)in section 210A (6 U.S.C. 124h)—(A)in subsection (b)—(i)in paragraph (10), by inserting before the semicolon at the end the following: , including, in coordination with the national cybersecurity and communications integration center under section 227, access to timely technical assistance, risk management support, and incident response capabilities with respect to cyber threat indicators, defensive measures, cybersecurity risks, and incidents (as such terms are defined in such section), which may include attribution, mitigation, and remediation, and the provision of information and recommendations on security and resilience, including implications of cybersecurity risks to equipment and technology related to the electoral process;(ii)in paragraph (11), by striking and after the semicolon;(iii)by redesignating paragraph (12) as paragraph (14); and(iv)by inserting after paragraph (11) the following new paragraphs:(12)review information relating to cybersecurity risks that is gathered by State, local, and regional fusion centers, and incorporate such information, as appropriate, into the Department’s own information relating to cybersecurity risks;(13)ensure the dissemination to State, local, and regional fusion centers of information relating to cybersecurity risks; and;(B)in subsection (c)(2)—(i)by redesignating subparagraphs (C) through (G) as subparagraphs (D) through (H), respectively; and(ii)by inserting after subparagraph (B) the following new subparagraph:(C)The national cybersecurity and communications integration center under section 227.;(C)in subsection (d)—(i)in paragraph (3), by striking and after the semicolon;(ii)by redesignating paragraph (4) as paragraph (5); and(iii)by inserting after paragraph (3) the following new paragraph:(4)assist, in coordination with the national cybersecurity and communications integration center under section 227, fusion centers in using information relating to cybersecurity risks to develop a comprehensive and accurate threat picture; and; and(D)in subsection (j)—(i)by redesignating paragraphs (1) through (5) as paragraphs (2) through (6), respectively; and(ii)by inserting before paragraph (2), as so redesignated, the following new paragraph:(1)the term cybersecurity risk has the meaning given that term in section 227;; and(2)in section 227 (6 U.S.C. 148)—(A)in subsection (c)—(i)in paragraph (5)(B), by inserting , including State and major urban area fusion centers, as appropriate before the semicolon at the end;(ii)in paragraph (7), in the matter preceding subparagraph (A), by striking information and recommendations each place it appears and inserting information, recommendations, and best practices; and(iii)in paragraph (9), by inserting best practices, after defensive measures,; and(B)in subsection (d)(1)(B)(ii), by inserting and State and major urban area fusion centers, as appropriate before the semicolon at the end.3.Homeland security grantsSubsection (a) of section 2008 of the Homeland Security Act of 2002 (6 U.S.C. 609) is amended—(1)by redesignating paragraphs (4) through (14) as paragraphs (5) through (15), respectively; and(2)by inserting after paragraph (3) the following new paragraph:(4)enhancing cybersecurity, including preparing for and responding to cybersecurity risks and incidents (as such terms are defined in section 227) and developing statewide cyber threat information analysis and dissemination activities;.4.Sense of CongressIt is the sense of Congress that to facilitate the timely dissemination to appropriate State, local, and private sector stakeholders of homeland security information related to cyber threats, the Secretary of Homeland Security should, to the greatest extent practicable, work to share actionable information related to cyber threats in an unclassified form.Passed the House of Representatives January 31, 2017.Karen L. Haas,Clerk